Improper input validation in Canonical Ubuntu_linux

CVE-2011-1829

APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.017 (74.0th percentile) — read the EPSS interpretation.

Affected products

Canonical Ubuntu_linux — versions 11.04
Debian Advanced_package_tool
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

security@ubuntu.com (x_refsource_CONFIRM, Release Notes, Vendor Advisory)
security@ubuntu.com (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
security@ubuntu.com (x_refsource_CONFIRM, Patch)
security@ubuntu.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
security@ubuntu.com (x_refsource_CONFIRM, Third Party Advisory)
security@ubuntu.com (x_refsource_CONFIRM, Patch, Third Party Advisory)
security@ubuntu.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_XF)